Gehan Gunasekara: Privacy breaches as bad as piracy

It was a tale of two raids. On the one hand there was the massive swoop carried out in New Zealand on Kim Dotcom and his acquaintances by the authorities acting on allegations by overseas intellectual property owners of illegal file sharing.

On the other hand there was the announcement by Google of its new Privacy Policy, the effect of which will be to appropriate a significant amount of users' personal information for the benefit of Google and its business associates.

The law in both instances determined who gets to profit from the use of information and who does not and in both cases corporate power was able to trump the rights of individuals.

The comparison, it might be objected, is unfounded. To be sure, Kim Dotcom is presumed innocent until convicted, although he faces the unenviable process of extradition and trial.

Google is subject to an array of privacy and other laws. However, with the exception of fair trading laws in the United States, privacy laws globally are considerably weaker than the regimes that protect the rights of intellectual property owners.

For example, not long ago Google fell foul of privacy laws when it was found to have used personal information gathered from its Gmail users to set up a social networking application (Google Buzz) without the consent of users.

This led merely to the company being sent a letter of reprimand from several national privacy authorities including New Zealand's - amounting to a rap over the knuckles with a wet bus ticket - as enforcement of privacy rules internationally is still in its infancy.

Despite this, the release of Google's new privacy policy should be welcomed. It makes transparent practices that previously may have been occurring surreptitiously and brings the company more into line with Facebook which explains how targeted advertising affects users and affords them an opportunity to customise settings. The disclosures are legally binding: failure to adhere to stated policy will amount to misleading and deceptive conduct under fair trading laws.

Facebook, earlier found to be in breach of its policies, agreed last year to a voluntary settlement with the United States Federal Trade Commission, whereby it will submit to privacy audits on a regular basis.

In respect to some categories of information, though, users are denied the opportunity to consent to use. These include server log data and connectivity information: in short, the websites we frequent, their frequency and who our friends are.

The content of our exchanges with friends is not pried upon, but through the companies' ability to collect and use "aggregated non-personally identifiable information" the collective content of our communications is able to be subjected to analysis, for instance to discover consumer habits, trends and topics of discussion.

Intellectual property piracy, it might be argued, denies owners the right to profit from their endeavours.

By contrast, the appropriation by corporations of individuals' personal information, such as their likes, dislikes, associations, friends and locations, might be said to be harmless as individuals derive, in exchange, the use of these "free" social networking applications.

Whether the exchange is a fair or informed one is highly debatable. The question must be asked why companies such as Facebook are valued at hundreds of billions of dollars. Advertising revenue only partially explains this.

The real answer must be the platform Facebook (and Google) affords to derive value from the colossal amount of personal information they possess, which is able to be mined, collated and used in future, perhaps in ways not yet imagined.

Companies such as Facebook are in many ways more akin to the providers of major infrastructure than to the providers of applications which use their services. Thus, both Facebook and Google provide messaging, e-mail and location services.

As with any infrastructure it may be used for good or evil (witness phenomena such as flash mobs). Personal information derived from such networks is clearly of increasing value to corporations. Fortunately, individuals are not entirely helpless. Moves are afoot to co-ordinate the regulation of privacy worldwide.

The European Union has just released its new Draft Directive which, amongst other things, requires any developers of new goods and services to incorporate "privacy by design" into their products. The United States Commerce Department has also released a Green Paper on Privacy recommending systemic regulation of the private sector in that country. Until this occurs, however, the current imbalance ensures that the privacy of personal information is not taken anywhere near as seriously as is intellectual property piracy.

* Gehan Gunasekara is an associate professor in commercial law at the University of Auckland Business School